Sunday, June 29, 2014

SharePoint External Architecture & Implementation - Part 1

Designing and implementing an external architecture for a SharePoint farm can be a challenging job, especially if not done right. In this series I'll talk about implementing a SharePoint external farm with the BI stack in mind, i.e. a complete Microsoft BI stack for external presence.

Below are the ingredients of a typical Microsoft BI Stack.
  1. SharePoint as front end
  2. SQL Server Analysis Services Server for Cube DB
  3. Corporate Data warehouse/data marts for application data
Careful consideration should be given to the placement of these services within the organizational network. Not all segments of this stack should be hosted externally in the DMZ, for security's sake. Take a careful approach and expose only those components that require external presence.

Let's understand the process step by step. Most organizations have clearly defined network segments for internal as well as external presence. At times organizations have special security zones for sensitive data. If there is no special zone for sensitive data, it merges with the GNZ.


Because SharePoint is going to be the front end, it ends up in the DMZ. SharePoint gives us the flexibility to host different component services on separate servers. Let's look at two scenarios for SharePoint external presence to understand their usage.
  1. SharePoint as a standalone content management system
  2. SharePoint as front-end of a data driven stack (example: Business Intelligence Application)

SharePoint as a standalone content management system
This is a bare-bones scenario where SharePoint is used with its basic functionality to host static content. The SharePoint content has no dependency on any corporate database. This is a simple design, and the entire SharePoint farm can reside inside the DMZ; the downside is that it cannot host any sensitive data, since it is exposed to any malicious attack from the internet.

SharePoint as front-end for a data driven stack (example: Business Intelligence Application)
This is where the complexity starts, because SharePoint feeds on data hosted in the corporate network. A good, policy-driven network architecture would not allow direct connectivity between the DMZ and the GNZ. To overcome this kind of problem, network architects usually build an HTZ: a staging area that sits between the DMZ and the GNZ. The HTZ contains strong firewalling to deflect any external attack. The picture below shows how a Microsoft BI stack would look in an external presence.
The architecture looks simple, but it is very complex to implement. In the next post we will see how to implement this architecture.


Monday, June 9, 2014

SSAS 2012 Encryption

There are times when you want to (sometimes even have to) encrypt TCP communication between different servers or between client and server. These requirements are mostly associated with regulatory compliance such as SOX, HIPAA, etc. Other times, they may be required because the data transmitted falls under a high security classification within the organization.

A similar case happened with me, when I was required to ensure that TCP communication between the Excel client and SSAS 2012 is encrypted. While this article applies to server-to-server communication as well, in my case I was more concerned about client-server communication.

SQL Server supports security and encryption mechanisms, whereas SSAS doesn't support any encryption methodology by itself. However, this lacuna is covered by the Windows operating system. Depending on the authentication method selected (NTLM/Kerberos) through SSPI (Security Support Provider Interface), encryption is handled by the operating system.

To ensure that it is encrypted, I tried capturing traffic from the client to SSAS with Wireshark. To do so, start Wireshark on the client and capture live traffic. Once you have connected to SSAS through the Excel client, select the client-SSAS conversation: simply right-click on any item in the captured traffic and select Conversation Filter, then choose either IP or TCP as the filter.

Once you have the whole conversation, click on any item and select Follow TCP Stream. If the data you see in the stream is indecipherable, then it's encrypted. Hence proved.
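As an added example, not part of the original post: a small Python script that turns the "indecipherable stream" judgment into a measurable check, using the Shannon entropy and printable-byte ratio of a TCP payload (the bytes you would otherwise eyeball in Follow TCP Stream). The sample payloads are constructed here (an XMLA-style request standing in for unsealed traffic, and deterministic pseudo-random bytes standing in for an SSPI-sealed one), and the thresholds are assumptions, not values from the post.

```python
import hashlib
import math
import string

PRINTABLE = set(string.printable.encode())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the maximum, reached only by uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that would render as readable text in Follow TCP Stream."""
    if not data:
        return 0.0
    return sum(1 for b in data if b in PRINTABLE) / len(data)


def looks_encrypted(payload: bytes, min_entropy: float = 7.0, max_printable: float = 0.5) -> bool:
    """Heuristic form of 'the stream is indecipherable' (thresholds are assumptions).
    High entropy with few printable bytes is what SSPI-sealed NTLM/Kerberos traffic
    looks like; compressed data trips the same test, so True means 'probably sealed',
    not proof of encryption."""
    return shannon_entropy(payload) >= min_entropy and printable_ratio(payload) <= max_printable


# Constructed sample: an XMLA-style SOAP request as unsealed text (illustrative only,
# not a captured SSAS message).
PLAINTEXT_SAMPLE = (
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>'
    b'<Discover xmlns="urn:schemas-microsoft-com:xml-analysis"><RequestType>DISCOVER_DATASOURCES'
    b"</RequestType><Restrictions/><Properties/></Discover></soap:Body></soap:Envelope>"
)


def pseudo_ciphertext(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes standing in for a sealed payload (constructed)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


ENCRYPTED_SAMPLE = pseudo_ciphertext(512)

if __name__ == "__main__":
    for name, sample in (("plaintext", PLAINTEXT_SAMPLE), ("sealed", ENCRYPTED_SAMPLE)):
        print(name, round(shannon_entropy(sample), 2), round(printable_ratio(sample), 2),
              looks_encrypted(sample))
```

On a real capture, feed the function the raw bytes of the client-to-SSAS direction of the stream (Wireshark's Follow TCP Stream dialog can save them) rather than the whole conversation, so the unencrypted TCP/IP headers do not dilute the measurement.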
